IETF Logo Mail Archive

Re: [MMUSIC] Question about draft-ietf-rtcweb-mdns-ice-candidates

Youenn Fablet <youenn@apple.com> Tue, 15 December 2020 10:50 UTC

Return-Path: <youenn@apple.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 964723A0F41 for <mmusic@ietfa.amsl.com>; Tue, 15 Dec 2020 02:50:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.201
X-Spam-Level:
X-Spam-Status: No, score=-0.201 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pKO7pm61o65i for <mmusic@ietfa.amsl.com>; Tue, 15 Dec 2020 02:50:08 -0800 (PST)
Received: from nwk-aaemail-lapp02.apple.com (nwk-aaemail-lapp02.apple.com [17.151.62.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE6FB3A0F0B for <mmusic@ietf.org>; Tue, 15 Dec 2020 02:50:07 -0800 (PST)
Received: from pps.filterd (nwk-aaemail-lapp02.apple.com [127.0.0.1]) by nwk-aaemail-lapp02.apple.com (8.16.0.43/8.16.0.42) with SMTP id 0BFAU0SF032445; Tue, 15 Dec 2020 02:50:04 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=Nz83vJbcoAgM0qejazvKddrfupg0+2JOnQPzOUOfnvM=; b=epUHHTL9HTCe+pJNxaSTmcy+oay5fn9Luffp08h0+MjTbV83qly4PYLNUDdTisDWg+Re FzOU1zOyw5LuhOIFhCvkbxOCav8OXdLvHktBbDWCBHooJLVIgWeAa2X6IraLe02d81pP d7aASRgEZtb2qCZPR8QNy86h6haK/utyPkKmsKW6ns59Uhnisoe4KKLQ3GwAS99002NB tiJG4DDS9+kd1fvuDa2QyEtSK4FOcbu4os/lWPHFJg3TuCkpHr7A2l/BXjg2ib9SmWyP Ju711cB5RBbVfcVvw3IWJ2eGFBV9s9rdD/oZb2n7RHHBOiTYgGKAAMzQPy0Yg8jGMkZK EA==
Received: from crk-mailsvcp-mta-lapp01.euro.apple.com (crk-mailsvcp-mta-lapp01.euro.apple.com [17.66.55.13]) by nwk-aaemail-lapp02.apple.com with ESMTP id 35cuan17rv-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 15 Dec 2020 02:50:04 -0800
Received: from crk-mailsvcp-mmp-lapp03.euro.apple.com (crk-mailsvcp-mmp-lapp03.euro.apple.com [17.72.136.17]) by crk-mailsvcp-mta-lapp01.euro.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPS id <0QLD0104LNFFXZ20@crk-mailsvcp-mta-lapp01.euro.apple.com>; Tue, 15 Dec 2020 10:50:03 +0000 (GMT)
Received: from process_milters-daemon.crk-mailsvcp-mmp-lapp03.euro.apple.com by crk-mailsvcp-mmp-lapp03.euro.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) id <0QLD00V00N0S9600@crk-mailsvcp-mmp-lapp03.euro.apple.com>; Tue, 15 Dec 2020 10:50:03 +0000 (GMT)
X-Va-A:
X-Va-T-CD: aef97599291f794bfd15f649b0ecb40c
X-Va-E-CD: 4a99e65d46beb861be296676b433d336
X-Va-R-CD: c3fa3d2d31bdd74b39b0a0a8db25ddb1
X-Va-CD: 0
X-Va-ID: d9605659-5dda-4283-a264-c758bca26ab3
X-V-A:
X-V-T-CD: aef97599291f794bfd15f649b0ecb40c
X-V-E-CD: 4a99e65d46beb861be296676b433d336
X-V-R-CD: c3fa3d2d31bdd74b39b0a0a8db25ddb1
X-V-CD: 0
X-V-ID: 9443c73a-5bc8-470a-b22c-889cfe54d5d1
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-15_08:2020-12-14, 2020-12-15 signatures=0
Received: from [17.235.200.27] (unknown [17.235.200.27]) by crk-mailsvcp-mmp-lapp03.euro.apple.com (Oracle Communications Messaging Server 8.1.0.6.20200729 64bit (built Jul 29 2020)) with ESMTPSA id <0QLD0070TNFCXI00@crk-mailsvcp-mmp-lapp03.euro.apple.com>; Tue, 15 Dec 2020 10:50:02 +0000 (GMT)
From: Youenn Fablet <youenn@apple.com>
Message-id: <7AE9B4D4-294D-4CDC-8AE9-DD1A73B8CB0B@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_611B37FE-497D-41EF-BAA8-D1D6BCE19C25"
MIME-version: 1.0 (Mac OS X Mail 14.0 \(3654.40.0.2.32\))
Date: Tue, 15 Dec 2020 11:50:00 +0100
In-reply-to: <CAD5OKxvJSkroHR36r3tkh9Z6mduWn8ZXyN9Pzi8migdh9Dd3UQ@mail.gmail.com>
Cc: Qingsi Wang <qingsi@google.com>, Justin Uberti <juberti@google.com>, mmusic WG <mmusic@ietf.org>
To: Roman Shpount <roman@telurix.com>
References: <CAOJ7v-1VEsXobYaq0UdOkaGLGbnNH40srDX+tg+OYZivGRVhNw@mail.gmail.com> <c13a7ebd-73d3-4429-3f0c-77071dda62c6@cisco.com> <1509C133-A893-4F44-9859-541B1F31F95B@apple.com> <CA+m752+V5r+-CB=4-ckhTWRUdHy+2Ap1UxRk-2mafDOhFhtGnA@mail.gmail.com> <8f1951af-d0a3-1f05-c3a8-a2a907a8320c@cisco.com> <CAOJ7v-1Aj2jSxPqFzVqvDZz1CP9=KpVGUxpAg16i+63iT5gsNg@mail.gmail.com> <CAOJ7v-3OQDEy_OYnDeU0KWw88m6W0pR_or9CYPiEJuAnEX0W-w@mail.gmail.com> <e14ba43d-ba21-609f-223e-d1f703fb9770@cisco.com> <CA+m752LWz=SkCHGwzBXzMkEyWb3R5A20OVAsjGiGbE8g=6dciA@mail.gmail.com> <7111cec3-35de-7067-6d4f-b62063224d53@cisco.com> <597A03E6-DBD1-4EA1-BFE3-F24FCF028CFC@apple.com> <dde99284-53ba-12fd-af69-62798a811ec3@cisco.com> <CAD5OKxv6f0GeL5xqaVuCtzFLE0Rkzse6LdiSty-4zxYqBm_YFQ@mail.gmail.com> <CAOJ7v-2c7p6+K6aZfyeBNB71X-1aBNFCZtnfb1A-TCtb3ma7-A@mail.gmail.com> <a489fb7e-1d70-e79a-d4a9-683f43b7e691@cisco.com> <CAOJ7v-2tEZkzrdFyQ_64bY+O8XXGkPRUk75Ejnwn36P=KHv+Hw@mail.gmail.com> <4a30a974-fbef-5b79-d91d-43f0ab3abca9@cisco.com> <8C5F94F4-5226-4875-AE25-07D0551566B8@apple.com> <AM0PR07MB386020B236D6C7676DBB150193C70@AM0PR07MB3860.eurprd07.prod.outlook.com> <CAD5OKxuznrD2JtWSo3rKpQFAOhzLpy=HjMvsCs5UVsRi9EDZ4g@mail.gmail.com> <CAD5OKxuKx=-grwDkXSFrboXdkbO4KOZBh85aHJaLr+fTyNM48w@mail.gmail.com> <CA+m752+GzWqVQHVELVkGbyRH4y0cR7o0TjL3+PvKUZwhYJX0jA@mail.gmail.com> <CAD5OKxvJSkroHR36r3tkh9Z6mduWn8ZXyN9Pzi8migdh9Dd3UQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3654.40.0.2.32)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-15_08:2020-12-14, 2020-12-15 signatures=0
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/mqan_gMsmeqcfR3cbjp8-HRiSDg>
Subject: Re: [MMUSIC] Question about draft-ietf-rtcweb-mdns-ice-candidates
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Dec 2020 10:50:10 -0000

A few thoughts from looking at the solution you are proposing.

In general, the fact that the candidate priority is affected might not prevent the connection to happen.
I am not sure a change of the candidate priority warrants adding the expected address type.

If an ICE agent gets multiple IP addresses from resolving a FQDN candidate, the ICE agent might either drop the candidate or select an IP address from an unexpected address type.
This might affect connection establishment.
As Qingsi said, the draft contains mitigations so that this situation should not happen for mDNS candidates.
This could potentially happen for non mDNS FQDN candidates but is outside the scope of the mDNS draft.

> On 15 Dec 2020, at 06:25, Roman Shpount <roman@telurix.com> wrote:
> 
> Based on this, do you assume that the ICE agent will directly resolve MDNS candidates without using any third-party libraries or going through DNS proxies?
> 
> My concern is that DNS proxy running in the CLAT in the mobile device can translate IPv4 address to IPv6 address. I was looking for an implementation where CLAT is located on the device is running in combination with MDNS but could not find anything. I think DNS translation is done in the client library on Android when 464XLAT is used, but I might be wrong since I don't directly deal with this.
> _____________
> Roman Shpount
> 
> 
> On Mon, Dec 14, 2020 at 3:40 PM Qingsi Wang <qingsi@google.com <mailto:qingsi@google.com>> wrote:
> > Is it possible for an IPv4 MDNS name allocated by one end-point to be resolved as IPv6 address by another end-point, or visa-versa (IPv6 MDNS name be resolved as IPv4)?
> 
> I don't think so given the requirement in the draft and also available implementation options of mDNS responder in an ICE agent. The draft requires an ICE agent to expose different mDNS names for each address if it uses an interface with both IPv4 and IPv6 addresses. As a result, even if there is caching in the subnet by other endpoints and another endpoint tries to reply to a query for the name, the resolution should be consistent. As an implementation strategy, the ICE agent can 1) set the cache-flush bit in their response (and/or announcement) per RFC 6762 to indicate this is not a shared record type and purge inconsistency in the subnet, and 2) attach a NSEC record in the additional section of the response to indicate the sole existence of either A or quar-A record of a name. This is admittedly all based on the assumption that there is no rogue endpoint that tries to mess the local messages, which is a different story outside the scope of this draft.
> 
> > I specifically would like to know if something like 464XLAT can cause MDNS resolution results to be converted to a different IP address type.
> 
> I don't recall behaviors like this in 464XLAT or NAT (not expecting them to change the packet payload).
> 
> On Mon, Dec 14, 2020 at 12:06 PM Roman Shpount <roman@telurix.com <mailto:roman@telurix.com>> wrote:
> I have a general question about MDNS that will affect the mdns-ice-candidate draft:
> 
> Is it possible for an IPv4 MDNS name allocated by one end-point to be resolved as IPv6 address by another end-point, or visa-versa (IPv6 MDNS name be resolved as IPv4)?
> 
> I specifically would like to know if something like 464XLAT can cause MDNS resolution results to be converted to a different IP address type.
> 
> If this can happen, then the MDNS candidate can generate more than one local candidate or a candidate of a different address type, affecting candidate priority. I think the stability of the FQDN candidate resolution, including the MDNS candidate resolution, can improve if the expected address type is specified for each candidate as a candidate extension.
> _____________
> Roman Shpount
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org <mailto:mmusic@ietf.org>
> https://www.ietf.org/mailman/listinfo/mmusic <https://www.ietf.org/mailman/listinfo/mmusic>

v2.23.0 | Report a Bug | By Email